Difference between revisions of "ESciDoc Authorization Authentication Architecture"
Jump to navigation
Jump to search
Line 1: | Line 1: | ||
==Present architecture== | |||
At present only core services are secured: | |||
#Each resource handler has built-in service interceptor that is intercepting all requests to the service (step 1) | |||
#The service interceptor analyzes the request and forwards it to the PDP engine (step 2) | |||
#The PDP engine provides allow/deny response for the request | |||
#In case of deny response from the PDP engine the service responses with a security exception to the service requestor | |||
[[Image:img_service_interceptor.jpg]] | [[Image:img_service_interceptor.jpg]] | ||
Revision as of 12:06, 15 October 2007
Present architecture
At present only core services are secured:
- Each resource handler has built-in service interceptor that is intercepting all requests to the service (step 1)
- The service interceptor analyzes the request and forwards it to the PDP engine (step 2)
- The PDP engine provides allow/deny response for the request
- In case of deny response from the PDP engine the service responses with a security exception to the service requestor